Vulnerability Database

314,496

Total vulnerabilities in the database

CVE-2021-39175

HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading.

Published: Aug 30, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-39175
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
hedgedoc / hedgedoc	-	1.9.0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo